KoolSpan's new TrustChip technology could spark interest in mobile device voice encryption with its smaller form factor, ease of use, and low price.

A new fingertip-sized voice encryption chip could lead to broader adoption of mobile device voice encryption.

Next month, KoolSpan will release the TrustChip, a US$300 encryption chip in an SD memory card form factor that end users themselves can slide into any Windows Mobile or Symbian device with an SD card slot.

Download this free guide

Definition guide: Unified Communications

In this e-guide, we break down what unified communications actually is through a series of definitions. Also, discover how UC is still relevant to mobile, why the mobile UC market is struggling and how blockchain can help to make you a happier person.

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

The TrustChip automatically encrypts voice data when an end user calls another TrustChip-enabled phone.

"It creates a secure encryption key session between two devices with chips," said Tony Fascenda, CEO of KoolSpan, a vendor of embeddable encryption technology.

The market for voice encryption on mobile devices has been limited so far in the US. Experts say the technologies on the market tend to be expensive and unwieldy.

A KoolSpan-sponsored survey of 219 IT managers published last August revealed that 44% of respondents were aware that voice communication on mobile and cellular networks is not secure, but only 8% had actually deployed a secure voice solution.

"There's a general trust for carriers in this country," said Jeff Stern, vice president of business development for KoolSpan. "There is a well-defined process by which the government can tap a phone if it wants to, and the bad guys generally don't have access to carrier networks. In other countries, the lines are blurred."

But enterprises outside the United State are much more aware of the vulnerability of mobile voice conversations to eavesdropping.

"Many of the same attacks that occur overseas can occur here," Stern said. "A lot of tools for committing these attacks may be illegal here, but they can be obtained online."

Nick Selby, senior analyst and director of enterprise security at The 451 Group, said the TrustChip is more affordable and easier to use than other mobile device voice encryption technologies on the market.

"It would first be of interest to vertical markets that are highly regulated or highly competitive and so subject to industrial or corporate espionage," Selby said. "Also, if you're a CEO going into China or going to Europe, you want to have encrypted voice capabilities."

There are several specialised vendors that modify mobile phones with embedded encryption, but these "spook phones" don't measure up, Selby said. To begin with, they can talk only to similarly modified phones, while TrustChip phones can call anyone. The TrustChip encrypts voice only when the phone calls another TrustChip phone. The user will see an icon on his display that informs him that the call is encrypted.

"If you were to go with spook phones, those are in the neighbourhood of US$1,500. They tend to be older hardware, '90s-era Nokia phones," Selby said. "They are extremely expensive, and they are limited in functionality."

Other vendors offer software-based encryption services for mobile devices. Selby said one leader in this method is the German whole-disk encryption vendor Utimaco Safeware. Selby described the Utimaco approach as effective but daunting.

"You have to have an enterprise that is standardised on a certain kind of device," Selby said. "Then you take the corporate image of the operating system for that device and send it to [Utimaco]. They reprogram it so that it has encryption models. Then they send it back to you and you flash it onto everyone else's handsets, but you loose the address books and calendars and everything else because you're reflashing everything onto their phones."

The TrustChip platform consists of three main components, Fascenda said. The chip, with its embedded encryption software is the first piece. The second piece is TrustCenter, a Linux-based management server that allows enterprises to manage chips, create groups and set policies. The third piece is the TrustChip software development kit (SDK), which will allow third parties to connect the encryption technology to other mobile applications.

Selby said the SDK will allow third-party developers to extend the chip's software to encrypt mobile email, instant messages and other business applications. The SDK could also allow developers to extend use of the TrustChip into other devices that accept an SD card, such as laptop and desktop PCs.

"If you can push it to email and other applications, now you're talking about mainstream adoption, such as the financial industries, insurance, healthcare," Selby said. "This would have widely horizontal legs."

A management feature of the platform, known as TrustGroups, will also spur new interest in mobile device encryption, he said.

"TrustGroups totally reduces scale. Rather than having an encryption key unique to each user, what we've done is assign a TrustGroup a very large collection of keys. That collection is given to all users that belong in a TrustGroup," Fascenda said. "So if you're in an organisation, say an oil company, everyone in that enterprise would have the same TrustGroup key. The enterprise could create a second group to secure communication with suppliers and partners. And only the members of the enterprise that have to deal with those suppliers would be in a TrustGroup with those suppliers."

"This sets up granular control over which groups trust which groups," Selby said. "Let's say you have 12 people in a company. Three are in management but just one guy in management talks to the company's venture capital firm. The venture capital can talk to his contact with the company, and no one else in the company can hear that. And those three guys in management can talk to each other, but the rest of the company can't hear those conversations."

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy